Skip to main content

Cloud Access Rules on OPNsense

Published on:
.
1 min read

Zenarmor® has a Cloud Access Security Broker (CASB) feature which allows you to define cloud access rules on your policies. CASB enhances cloud security by offering granular access control over cloud applications. This protects your organization from exposure to unauthorized information in cloud environments by allowing detailed management of individual application components and enforcing specific security policies. By utilizing Zenarmor's CASB capability, you can prevent hazardous sharing that may result in the loss of sensitive data or noncompliance.

Figure 1. Cloud Access Rules in a Policy

note

The Cloud Access Security Broker (CASB) feature is available only for SSE and higher subscriptions.

Zenarmor enables users to establish access rules for nine cloud apps and their associated cloud actions. It is possible to prevent an activity from happening on an individual basis or on the whole platform of a cloud application.

You can easily configure the policy-based Cloud Access Security Broker (CASB) feature by performing the following tasks explained in this guide:

  • Searching Applications to Filter
  • Blocking a Cloud Application
  • Blocking a Cloud Action

Here is a video about Zenarmor Cloud Access Security Broker (CASB) feature.

Searching Applications to Filter

There are nine cloud applications and many application actions on Cloud Access page. You can use the Search field to search and find a specific application or application action. To search for an application/application action in the list just type the application/application action name in the search form.

Figure 2. Searching Cloud Application

Blocking a Cloud Application

You may easily block a cloud application entirely on your network by following these steps:

  1. Navigate to the ZenarmorPolicies on your OPNsense web UI.

  2. Select the policy that you want to configure CASB.

  3. Go to Cloud Access tab. You will see that all cloud applications are allowed by default.

    Figure 3. Default CASB Rules

  4. Find the cloud application that you want to block.

  5. Click on the toggle bar located in the Status column. This will block the application entirely.

    Figure 4. Blocking Cloud Application

  6. Click the Apply Changes button to activate the settings.

Blocking a Cloud Action

You may easily block the action of a specific cloud application on your network by following these steps:

  1. Navigate to the ZenarmorPolicies on your OPNsense web UI.

  2. Select the policy that you want to configure CASB.

  3. Go to Cloud Access tab.

  4. Click on the application name for the action that will be blocked. This will list all actions the application has.

  5. Click on the toggle bar located on the right of the action name, in the Status column. You may block as many actions as you need.

    Figure 5. Blocking Cloud Action

  6. Click the Apply Changes button to activate the settings.

tip

When you block some of the actions in an application, the total number of blocked actions for that application is displayed in the Number of blocked actions column. As illustrated in the previous figure, for example, 5 out of 16 Dropbox application actions are blocked.

Last updated on by Zenarmor